Pebble Bay is committed to protecting your privacy. We take our responsibilities for the security of your personal data seriously.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
- Who is responsible for your personal data
For the purpose of the Data Protection Act 1998 (the “Act”), EU General Data Protection Regulation (“GDPR”), PCI-DSS, and European data protection legislation, the data controller is Pebble Bay. We control the ways your personal data are collected and the purposes for which your personal data are used by Pebble Bay.
Our Privacy Notice applies to the personal data that Pebble Bay collects and uses.
References in this Privacy Notice to Pebble Bay, “we”, “us” or “our” mean Pebble Bay Consulting Limited, a company registered in England and Wales under company number 05588025 and whose registered office is at 168 Parade, Leamington Spa, CV32 4AE.
- Purpose and lawful basis for processing your data
We process your personal data for the following purposes:
- To carry out our obligations arising from any contracts entered into between you and us.
- To comply with legal and regulatory obligations.
- For the establishment, exercise or defence of legal claims or proceedings.
- For legitimate business purposes:
- To ensure that content from www.pebblebay.com (“our website”) is presented in the most effective manner for you and for your device.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
- To allow you to participate in interactive features of our service, when you choose to do so.
- To notify you about changes to our service.
These purposes allow Pebble Bay to seek your consent to process your data for communication, education and marketing purposes (GDPR 1). Without your explicit consent, Pebble Bay will not process your data for these purposes.
The purpose and lawful basis for processing your data may change from time to time, where this Notice will be updated.
Your consent will be an explicit action from 25th May 2018.
Because of the need for consent we will not use defaulted opt-in checkboxes or include your personal data for communication and marketing purposes where you have asked only for communications relating to service delivery or in the performance of contractual obligations.
The length of time we retain your personal data will depend on any legal obligations we have, the nature of any contracts we have in place with you, the existence of your consent or our legitimate interests as a business.
We will retain your personal data for as long as we need it in order to fulfil our purposes as set out in this Privacy Notice or in order to comply with the law.
We will not contact you if you have withdrawn consent, but you can grant or withdraw your consent at any time by contacting us.
We will also include the opportunity to unsubscribe or withdraw consent on all marketing emails.
- Personal data we collect about you
When using the term “personal data” in our Privacy Notice, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold.
We collect some personal data from you, for example when you use our website, or use our services or contact us. We may collect and process the following categories of information about you:
- Name and surname and your contact details (email address, telephone number and postal address): When you purchase our services or enquire about our services
- Personal information which may include special categories of data: Provided to us or generated by us in the course or providing services to you.
- Identification and background information: Provided by you or collected as part of our business acceptance processes.
- The communicationsyou exchange with us: When you contact Pebble Bay or you are contacted by us.
- Technical information, such as information from your visits to our website or in relation to materials and communications we send to you electronically: When you navigate on our website or interact with our communications.
- Information about your transactions.
- Information you provide to us for the purposes of attending meetings and events, including access and dietary requirements: When you register to attend our events
- Your social media account ID: When you interact with us on social media or when we target social media posts.
- Your posts and messages on social mediadirected to Pebble Bay: When you interact with us on social media.
- Your feedback: When you reply to our requests for feedback or participate in our client surveys.
- Any other information relating to you which you may provide to us.
Change of purpose
We will only use your personal data for those situations listed above, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, where this is required or permitted by law.
Sensitive personal data
Information that could reveal your racial or ethnic origin, physical or mental health, religious beliefs or alleged commission or conviction of criminal offences is considered “sensitive personal data” under the UK Data Protection Act 1998 and other data protection laws. We do not collect this data via our website.
- How and why we use your personal data
We use your personal data for the following purposes:
- To perform our services
We use your information to perform our services in relation to your instruction or enquiry.
- To communicate with you and manage our relationship with you
We will need to contact you by email and/or telephone in the course of delivering our service to meet our contractual obligations. We may also need to contact you for administrative or operational reasons.
- Please be aware that these communications are not made for marketing purposes and as such, you will continue to receive them even if you opt-out from receiving marketing communications.
- We may also use your personal data if we contact you after you have sent us a request, filled in a web-form through our website or contacted us on social media.
- Your opinion is very important to us, so we may send you an email to seek your feedback.
- We will use the communications you exchange with us and the feedback you may provide in order to manage our relationship with you as our client and to improve our services and experiences for clients.
- To personalise and improve your customer experience
We may use your personal data in order to tailor our services to your needs and preferences and to provide you with a personalised client experience.
- We may also collect information on how you use our website, which pages of our website you visit most, which services you search for to understand what you like. We may use this information to tailor the content and offers that you see on our website and, if you have agreed to receiving marketing communications, to send you relevant messages that we think you will like.
- To inform you about our news and offers that you may like
We may send you marketing communications, if you have indicated that you are happy to receive these and you explicitly agree to receive such communications.
- If you are happy to receive marketing communications, we will provide you with news from us such as new products that you may be interested in or services that you may like.
- Please note that we do not share your contact details and other personal data with other companies for marketing purposes, unless we have obtained your consent to do so.
- If you do not want to receive marketing communications from us, you can simply tell us so by clicking the relevant box on our preference form.
- You can also choose to opt out from receiving marketing communications at any time, by clicking on the relevant unsubscribe link at the bottom of any marketing related email you may receive from us. If you prefer, you can also call us and express your preference to not receive marketing communications (Tel +44 (0)1926 421 700) or contact us by using our website contact form. We ask that you allow 28 working days to complete any unsubscribe request.
- To improve our services, fulfil our administrative purposes and protect our business interests
The business purposes for which we will use your information include accounting, billing and audit, statistical and marketing analysis, systems testing, maintenance and development.
- To comply with our legal obligations
For example, our obligation to provide your information to local police agencies.
6. How long do we retain personal data for?
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Once you are no longer a client, we will retain your personal data in accordance with our data retention policy and applicable laws and regulations.
- Requesting access to your data
You have a right to request access to the personal data that we hold about you. This could include information relating to service purchases.
If you have questions in relation to your personal data, please contact us.
- Your Right to be Forgotten
You have a right to be forgotten and have data erased and / or stop being processed where the personal data is no longer necessary for the purpose of collection, you withdraw consent, when you object to the processing or to comply with a legal obligation.
We will not erase your records as we need to maintain your transactional data for our legal obligations to the local tax and revenue authorities.
We have a number of security and governance protections in place that will be excluded from your right to be forgotten:
- Encrypted system backups. It is practically impossible to alter these backup files.
- Our anti-spam and email gateway. We maintain email archiving for security reasons, and your info may be kept in this archive. Access to this gateway is limited to named data controllers for Pebble Bay.
If you have questions in relation to your personal data, please contact us.
- Right to restrict processing
You have a right for your personal data to be stored but not processed. This is achieved through the withdrawal of consent.
If you have questions in relation to your personal data, please contact us.
- Security of your personal data
We are committed to taking appropriate technical and organisational measures to protect your personal data against unauthorised or unlawful processing and against accidental loss, destruction or damage to personal data. When you provide your personal data through our website or systems, this information is transmitted across the internet securely using high-grade encryption.
The information that you provide to us will be held in our systems, which are located on our premises or those of an appointed third party. We may also allow access to your information by other third parties who act for us for the purposes described in this Privacy Notice or for other purposes approved by you.
We are based in the UK, but may need to transfer your personal data outside the EU.
We will seek and secure your explicit consent for transferring your personal data outside the EU in circumstances where:
a) the transfer is not necessary for the consultant-client agreement
b) the EU Commission has not made an adequacy decision in respect of the country in which the recipient of the personal data is based
c) the transfer of the personal data is not subject to appropriate safeguards as set out in Article 46 of the GDPR
d) there are no binding corporate rules in place
e) no other derogation is applicable
We will retain your personal data for as long as we need it in order to fulfil our purposes set out in this Privacy Notice or in order to comply with the law.
- Cookies and other tracking technologies
In order to improve our services, to provide you with more relevant content and to analyse how visitors use our website, we may use technologies, such as cookies or tracking software. Please be aware that in most cases we will not be able to identify you from the information we collect using these technologies.
- Sharing your personal data
We may share your personal information with certain trusted third parties in accordance with contractual arrangements in place with them, including:
- Our professional advisers and auditors
- Suppliers to whom we outsource certain support
- IT service providers to Pebble Bay
- Third parties engaged in the course of the services we provide to clients and with their prior consent
- Third parties involved in hosting or organising events or seminars
Where necessary, or for the reasons set out in this Notice, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally restricted from doing so.
If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new entities or to third parties through which the business of Pebble Bay will be carried out.
Pebble Bay may use social media sites such as Facebook, LinkedIn and Twitter. If you use these services, you should review their privacy Notice for more information on how they deal with your personal information.
We do not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.
Through our website we provide links to third party websites which are subject to separate Privacy Polices. Please be aware that this Privacy Notice does not apply to such websites and Pebble Bay is not responsible for your information that third parties may collect through these websites.
- Data Protection Officer We have not appointed a DPO to oversee compliance with this Privacy Notice. If you have any questions about this Privacy Notice or how we handle your personal data, please contact your usual contact at our office. You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
- Updates to our privacy notice
We may make changes to this Privacy Notice from time to time. We will publish on our website any new version of this Notice.
- Contact information
Please contact us with any questions, comments and requests regarding this Privacy Notice.